hadoop-hdfs-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Allen Wittenauer ...@altiscale.com>
Subject Re: [DISUCSS] Reasonable Hadoop ACL Defaults
Date Tue, 16 Sep 2014 14:08:40 GMT

Removing security@ , adding hdfs-dev@ .

On Sep 16, 2014, at 1:19 AM, Zhijie Shen <zshen@hortonworks.com> wrote:

> Hi folks,
> There're a bunch of ACLs configuration defaults, which are set to "*":
> 1. yarn.admin.acl in yarn-default.xml
> 2. yarn.scheduler.capacity.root.default.[acl_submit_applications|acl_administer_queue]
> in capacity-scheduler.xml
> 3. security.*.protocol.acl in hadoop-policy.xml
> When ACL (or server authorization) is enabled, the resources that are
> supposed to be protected are still accessible. However, anybody can
> still access them because the default configurations are "*",
> accepting anybody. These defaults seem not to make much sense, but
> only confuse users. Instead, the reasonable behavior should be that
> when ACL is enabled, a user is going to be denied by default unless we
> explicitly add him/her into the admin ACLs or the authorized
> user/group list.
> I have a patch to invert "*" to " "  to block all users by default.
> Please let me how what you think about it, and how we should progress.

	a) It would be an incompatible change and would need to go to trunk.
	b) Users enabling ACLs should be expected to go through and check the settings to see what
exactly they are enabling/disabling.
View raw message